VYPR

Vendor CVEs

Fiberhome

All CVEs

63 total · sorted by risk
  • CVE-2021-27169Feb 10, 2021
    risk 0.00cvss epss 0.20

    An issue was discovered on FiberHome AN5506-04-FA devices with firmware RP2631. There is a gepon password for the gepon account.

  • CVE-2021-27170Feb 10, 2021
    risk 0.00cvss epss 0.16

    An issue was discovered on FiberHome HG6245D devices through RP2613. By default, there are no firewall rules for IPv6 connectivity, exposing the internal management interfaces to the Internet.

  • CVE-2021-27171Feb 10, 2021
    risk 0.00cvss epss 0.18

    An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to start a Linux telnetd as root on port 26/tcp by using the CLI interface commands of ddd and shell (or tshell).

  • CVE-2021-27172Feb 10, 2021
    risk 0.00cvss epss 0.20

    An issue was discovered on FiberHome HG6245D devices through RP2613. A hardcoded GEPON password for root is defined inside /etc/init.d/system-config.sh.

  • CVE-2021-27173Feb 10, 2021
    risk 0.00cvss epss 0.13

    An issue was discovered on FiberHome HG6245D devices through RP2613. There is a telnet?enable=0&key=calculated(BR0_MAC) backdoor API, without authentication, provided by the HTTP server. This will remove firewall rules and allow an attacker to reach the telnet server (used for…

  • CVE-2021-27174Feb 10, 2021
    risk 0.00cvss epss 0.19

    An issue was discovered on FiberHome HG6245D devices through RP2613. wifi_custom.cfg has cleartext passwords and 0644 permissions.

  • CVE-2021-27175Feb 10, 2021
    risk 0.00cvss epss 0.18

    An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl_2g.cfg has cleartext passwords and 0644 permissions.

  • CVE-2021-27176Feb 10, 2021
    risk 0.00cvss epss 0.19

    An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl_5g.cfg has cleartext passwords and 0644 permissions.

  • CVE-2021-27177Feb 10, 2021
    risk 0.00cvss epss 0.20

    An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to bypass authentication by sending the decoded value of the GgpoZWxwCmxpc3QKd2hvCg== string to the telnet server.

  • CVE-2021-27178Feb 10, 2021
    risk 0.00cvss epss 0.18

    An issue was discovered on FiberHome HG6245D devices through RP2613. Some passwords are stored in cleartext in nvram.

  • CVE-2021-27179Feb 10, 2021
    risk 0.00cvss epss 0.14

    An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to crash the telnet daemon by sending a certain 0a 65 6e 61 62 6c 65 0a 02 0a 1a 0a string.

  • CVE-2019-17186Oct 8, 2019
    risk 0.00cvss epss 0.06

    /var/WEB-GUI/cgi-bin/telnet.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication remote code execution.

  • CVE-2019-17187Oct 8, 2019
    risk 0.00cvss epss 0.11

    /var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files.

Page 2 of 2